Sumo Logic

Staff Threat Research Engineer

Sumo Logic$162K — $190K *
US-AnywhereRemote in United States
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of cybersecurity experience
  • Background as Senior/Principal SOC Analyst or in Purple Team and/or hunting
  • Experience in incident response
  • Proven ability to source threat detections from research to deployment
  • Familiarity with multiple technology stacks, including public cloud (AWS, Azure, GCP)
  • Experience in analyzing cloud infrastructure log telemetry
  • Contributed to cybersecurity blogs or delivered conference talks

Responsibilities

  • Research, develop, and test detection rules within lab infrastructure
  • Collaborate with product management to define research and development focus
  • Maintain and enhance threat research lab infrastructure
  • Provide feedback to engineering on features and product roadmap
  • Investigate industry trends for new detection opportunities
  • Engage with the community through blogs, talks, and open source contributions
  • Coordinate with Threat Detection Engineering on content development

Benefits

  • Opportunity to work with cutting-edge security technology
  • Engagement in research-driven threat detection
  • Collaborative environment with technical experts
  • Visibility and contribution through community-focused initiatives
  • Potential for participation in bonus or commission plans
  • Professional growth and development opportunities
Full Job Description
About the Role

We're looking for a staff-level threat researcher who thrives at the intersection of data and adversary tradecraft. In this role, you'll use your practitioner experience to uncover attacker behaviors, test them in realistic environments, and turn those insights into detection content that directly improves customer outcomes. You'll explore and exploit a variety of security technologies, with an emphasis on cloud and AI environments, to build, validate, and tune detections that reflect the latest attack techniques. In addition to applying existing research, you'll have opportunities to conduct original investigations, from malware analysis to infrastructure tracking and honeypot monitoring, designed to uncover novel insights that shape future detection strategies.
Who You Are

You're a seasoned security professional who's evolved from responding to incidents to preventing them. You have a deep curiosity for how attackers operate and a passion for translating that insight into practical detections that measurably improve defenses. You thrive in a hands-on environment: experimenting in the lab, analyzing data, and validating results. Collaboration and sharing come naturally to you: working with peers across Threat Labs and product teams, you enjoy turning research into real detections and community knowledge that protect customers everywhere.
Your Impact
  • Conduct and lead both applied and original threat research, transforming intelligence, telemetry, and investigation into actionable detection logic for the Sumo Logic SIEM.
  • Collaborate closely within Threat Labs to design, build, and refine detection content and validation pipelines that raise the bar for product and customer detection quality.
  • Drive innovation in detection methodologies, including research activities such as malware analysis, infrastructure tracking, or honeypot operations, to discover new attacker behaviors.
  • Publish and share findings - from detection logic to behavioral analysis and practical hunting guidance - that help customers maximize SIEM outcomes.
  • Contribute to Threat Labs' long-term vision of a research-driven, continuously evolving detection ecosystem built on practitioner insight and technical depth.
Responsibilities
  • Research, develop, and test threat detection logic in a lab environment, validating against real-world attacker behaviors and ensuring technical alignment with Sumo Logic SIEM capabilities.
  • Conduct original threat research, such as analyzing malware, tracking infrastructure, or experimenting with honeypots, and translate findings into detection opportunities.
  • Investigate industry and adversary trends to identify emerging detection opportunities.
  • Collaborate with product management and fellow Threat Labs engineers to scope and prioritize detection campaigns.
  • Maintain and expand Threat Labs' research lab infrastructure.
  • Provide practitioner feedback to engineering and product management to inform feature design and roadmap decisions.
  • Contribute to the security community through blogs, conference talks, open source projects, and public research contributions.
Requirements
  • 12+ years of cybersecurity experience that includes a mix of:
    • Senior/Principal SOC analyst, threat hunter, or purple team practitioner
    • Incident responder or detection engineer roles
  • Demonstrated ability to progress threat research into actionable detections and incident response outcomes.
  • Experience conducting original or self-directed threat research that resulted in novel findings - for example, malware or infrastructure analysis, honeypot operations, or similar investigative work leading to actionable insights.
  • Broad knowledge of multiple technology stacks and a strong curiosity to learn new platforms.
  • Deep experience with multiple major public clouds (AWS, Azure, or GCP), and familiarity with analyzing cloud-native logs and telemetry.
  • Understanding of emerging attack techniques targeting AI infrastructure and machine learning pipelines (e.g., data poisoning, model theft, or prompt injection), and familiarity with frameworks such as MITRE ATLAS.
  • Proven history of thought leadership through blogs, LinkedIn articles, or conference presentations.
  • Background in the cybersecurity vendor space, with experience providing expert feedback to product and engineering teams.
Desirable
  • Prior experience in customer-facing technical roles (consulting, remote support, or advisory).
  • Hands-on familiarity with offensive security tools (Atomic Red Team, Sliver, Cobalt Strike, etc.).
  • Scripting or automation capability (Python, PowerShell, etc.).
  • Experience with Security Orchestration, Automation, and Response (SOAR) technology.
  • Recognized presence or active participation in the security community (e.g., X/Twitter, conferences, open source).
  • Experience applying AI or machine learning techniques to improve operational efficiency and automation across the detection rule development lifecycle - from research and validation to deployment and tuning.

About Sumo Logic

Sumo Logic is a cloud-based log management and analytics company that provides real-time insights into application and infrastructure operations. The company's platform enables organizations to monitor, troubleshoot, and secure their applications and infrastructure, and to gain operational and business insights from their machine-generated data. Sumo Logic serves a wide range of industries, including financial services, healthcare, media, and retail. The company was founded in 2010 and is headquartered in Redwood City, California. It has additional offices in the United States, Europe, and Asia.
Learn more about Sumo Logic
Size
759 employees
Market Cap
$905.8 million
Industry
Net Income
-$80.3 million
Founded
2010
Revenue
$202.6 million
NASDAQ

Similar Jobs

More Jobs at Sumo Logic

More Information Technology Jobs

Find similar Staff Threat Research Engineer jobs: